[strongSwan] About the example host2host-cert!

Andreas Steffen andreas.steffen at strongswan.org
Tue Jan 11 04:16:00 CET 2011

Hello Vincent,

it seems that the other end is not reachable on IKE UDP port 500. If you
didn't start iptables then this port shouldn't be blocked. I rather
suspect that the IKE daemon on the other end is either not running
or not configured for the same IKE version (IKEv1 versus IKEv2).



On 11.01.2011 02:49, wenrongbupt wrote:
> Hi all,
> I configure the ipsec.conf according this url:http://www.strongswan.org
> /uml/testresults/ikev2/host2host-cert/.
> But everytime I run ipsec up host-host,the output is the packet
> retransmit five times,then said establishing IKE_SA failed,peer not
> response.
> I guess that the reason is I didn't configure iptables and didn't run
> /etc/init.d/iptables.I hadn't found the iptables in the dir /etc/init.d.
> I use ubuntu 9.04.
> I want to know how to configure iptables(the result same as
> http://www.strongswan.org/uml/testresults/ikev2/host2host-cert/moon.iptables
> ) and the purpose of /etc/init.d/iptables?
> Thank you very much for your reply.
> Best Regards
> vincent

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Users mailing list